Set up your infrastructure for hybrid work with

Microsoft 365
Features in Microsoft 365 and other Microsoft cloud services enable you to work from anywhere and at any time in a
highly collaborative, productive, and secure way. Follow the steps below to support hybrid work in your organization.

Step 1. Increase sign-in security with multi-factor authentication and Conditional Access

Use Conditional Access to require hybrid workers to sign in using a password and
an additional verification method such as Microsoft Authenticator, a phone call, or
a text message.

Step 2. Provide remote access to on-premises apps and services

For many organizations, remote workers need access to both on-premises and cloud apps and resources.

Microsoft 365
Your organization Microsoft 365

Microsoft 365
traffic
Teams Exchange SharePoint OneDrive
On-premises
AD DS forest

Application Enrolled devices

datacenters Intune Azure

On-premises resources include apps and Hybrid worker Microsoft 365 resources include productivity apps, the data stored in
services running on internal servers. them, device management, and security services.

Use this flowchart to determine how to provide remote access:

Want your
Existing remote No workers to use No Are all your on-
premises apps
No Use Azure Point-
access VPN? their personal to-Site (P2S) VPN
web-based?
computers?

Yes Yes Yes Remote Desktop Services (RDS)

Configure split Use an RDS Gateway to protect access to on-

Use Windows Use Azure AD
tunneling 365 Cloud PC Application Proxy premises Windows devices and servers.

Step 3. Deploy security and compliance

• Microsoft Defender for Office 365 to protect your Microsoft 365 apps and data from attack
• Malware protection for Windows 11 or 10, SharePoint files, and Exchange email
• Defender for Office 365 to detect and respond to advanced cyberthreats
Security • Microsoft Defender for Cloud Apps to protect both Microsoft 365 and other SaaS apps
• Azure Active Directory (Azure AD) Identity Protection to detect and remediate identity-based risks

docs.microsoft.com/microsoft-365/compliance/compliance-quick-tasks

• Sensitivity labels to classify your data for levels of protection

• Data Loss Protection (DLP) to prevent inappropriate sharing of data
• Conditional Access App Control to keep sensitive data off personal devices
• Data retention labels and policies to implement data governance
• Office message encryption (OME) for secure email to internal and external mailboxes
Compliance • Communication Compliance to prevent inappropriate messages and Insider Risk Management to address malicious
and inadvertent risks
• Compliance Manager and Compliance Score to manage and improve your subscription’s compliance configuration

docs.microsoft.com/microsoft-365/security/top-security-tasks-for-remote-work

For deployment guidance, visit aka.ms/m365hybridwork January 2022 © 2022 Microsoft Corporation. All rights reserved.
Set up your infrastructure for hybrid work with
Microsoft 365
Step 4. Deploy endpoint management

Microsoft Configuration Co- Endpoint Windows

Intune Manager management Analytics Autopilot
Use app Deploy apps, Attach your Use Endpoint Simplify the
protection software existing Analytics to lifecycle of
policies for updates, and Configuration inventory apps Windows
granular control operating Manager running in your devices by pre-
over data and systems to deployment to organization configuring new
allow access manage the Microsoft and deploy devices for
only for the desktops, 365 cloud to Windows 11 or production use
servers, and concurrently 10 to pilot and and for
right people
laptops from manage production- resetting and
under the right
on-premises or Windows 11 or managed recovering
conditions. the cloud. 10 devices. devices. existing devices.

Microsoft Endpoint Manager includes Microsoft Intune and Configuration Manager.

Step 5. Deploy hybrid worker productivity apps and services

Exchange Online SharePoint and

Microsoft Teams Microsoft 365 Apps
and Outlook OneDrive

• Chat and • Send and receive • Migrate files to • Create and co-
conversations email SharePoint and author in real time
OneDrive on documents
• Meetings, events, • Manage calendars,
and conferences contacts, and tasks • Collaborate on, store, • Get the latest
and manage security and feature
• Calling
documents updates
• Apps and
• Work from Teams,
workflows
Office desktop apps,
or a web browser

Includes PCs and mobile devices such as smartphones and tablets.

Step 6. Train your hybrid workers

• How to use MFA with an additional verification method

Sign-in • How sign-ins can be blocked for users that use legacy authentication
• How risky sign-ins can be blocked or force the employee to change their password

Remote access • How to use your organization’s remote access VPN client, Windows 365 Cloud PC, or RDS

Endpoint •
•
How endpoint management policies can be used to block access for non-compliant devices
The use of allowed apps and how app polices can be used to block the use of apps
management • How to use and interact with Windows 11 or 10 Enterprise security features

• How to install and use Microsoft 365 Apps

• How to use Teams for chat, video-based conferencing, document sharing, and threaded conversations
Productivity apps •
•
How to use Outlook for email and scheduling
How to use SharePoint team or communication sites and OneDrive folders to browse and collaborate on
and services files in a user's library and those belonging to a group

support.microsoft.com/training

For deployment guidance, visit aka.ms/m365hybridwork January 2022 © 2022 Microsoft Corporation. All rights reserved.